Skip to content

Fix negative-axis handling in ExpandDims shape inference#29448

Open
tianleiwu wants to merge 3 commits into
mainfrom
tlwu/20260630/icm_fix_uaf
Open

Fix negative-axis handling in ExpandDims shape inference#29448
tianleiwu wants to merge 3 commits into
mainfrom
tlwu/20260630/icm_fix_uaf

Conversation

@tianleiwu

Copy link
Copy Markdown
Contributor

PR: Fix negative-axis handling in ExpandDims shape inference

Description

The com.microsoft.ExpandDims type/shape-inference function mishandled negative
axis values, which could lead to an out-of-bounds read during graph resolution
(Graph::Resolve). This PR corrects the axis normalization and makes the scalar
axis read robust to both tensor encodings, and adds a regression test that
exercises the shape-inference path.

Summary of Changes

Fix

File Change
onnxruntime/core/graph/contrib_ops/contrib_defs.cc Normalize a negative axis against the output rank (rank + axis + 1) instead of the off-by-two rank + axis - 1, so the insertion index stays within [0, rank]. Read the scalar axis via the existing ParseScalar helper, which handles both raw_data and int32_data encodings and validates the element count.

Test

File Change
onnxruntime/test/contrib_ops/expand_dims_test.cc Add ExpandDimsTest.NegativeAxisConstInitializerShapeInference plus a RunExpandDimsConstAxisTest helper that supplies axis as a constant initializer so the operator's shape-inference function is exercised (the existing tests pass axis as a runtime input, which skips that path).

Details

  • For an output of rank + 1 dimensions, a negative axis must be normalized as
    axis + (rank + 1). The previous rank + axis - 1 formula produced a negative
    insertion index for the most-negative valid axes, which was then used to index
    the protobuf dimension list out of bounds.
  • The axis value was previously read with int32_data()[0]. When the value is
    stored as raw_data (the common encoding for serialized models and the one
    produced by the test harness), int32_data() is empty and the access is out of
    bounds. ParseScalar decodes either encoding and validates the count.

Testing

  • Built onnxruntime_provider_test and ran the ExpandDims suite:
    ./onnxruntime_provider_test --gtest_filter="ExpandDimsTest.*" — all 6 tests pass.
  • Confirmed the new regression test fails (process aborts) without the fix and
    passes with it.
  • Existing positive/negative out-of-range and kernel tests are unchanged.

Checklist

  • Tests added/updated
  • Documentation updated (if applicable)
  • No breaking changes
  • CI passes

…rence

The com.microsoft.ExpandDims type/shape inference normalized a negative axis with an off-by-two formula (rank + axis - 1), which could yield a negative dimension index and an out-of-bounds read during graph resolution. Normalize against the output rank (rank + axis + 1), and read the scalar axis via ParseScalar so both raw_data and int32_data encodings are handled safely (the previous int32_data()[0] read could go out of bounds when the value is stored as raw_data).

Add a regression test that supplies the axis as a constant initializer to exercise the shape-inference path with negative axes.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes com.microsoft.ExpandDims type/shape inference for constant axis inputs by correctly normalizing negative axes against the output rank (rank + 1) and by decoding the scalar axis value safely from either raw_data or int32_data. It also adds a regression test that forces the shape-inference path to run during Graph::Resolve by providing axis as a constant initializer.

Changes:

  • Fix negative axis normalization to compute the correct insertion index for output rank rank + 1.
  • Read constant axis via the existing ParseScalar helper to avoid out-of-bounds reads when the initializer is stored as raw_data.
  • Add a regression test that supplies axis as an initializer to exercise the shape-inference codepath (not just the runtime kernel).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
onnxruntime/core/graph/contrib_ops/contrib_defs.cc Fix ExpandDims shape inference by safely parsing constant axis and correcting negative-axis normalization against the output rank.
onnxruntime/test/contrib_ops/expand_dims_test.cc Add a constant-initializer axis test helper and a regression test that exercises shape inference during graph resolution.

Comment thread onnxruntime/core/graph/contrib_ops/contrib_defs.cc Outdated
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants